O_TMPFILE, like O_CREAT, should respect the requested mode and should
create regular files.
This fixes two bugs: O_TMPFILE required privilege (because the mode
ended up as 000) and it produced bogus inodes with no type.
Change-Id: Ie4da9ede57e481c7edb113c5bc6329fefef41f4e
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[suggested by Rasmus Villemoes] make O_DIRECTORY | O_RDWR part of O_TMPFILE;
that will fail on old kernels in a lot more cases than what I came up with.
And make sure O_CREAT doesn't get there...
Change-Id: Iaa3c8b487d44515b539150bdb5d0b749b87d3ea2
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This allows filesystems to use their mount private data to
influence the permssions they use in setattr2. It has
been separated into a new call to avoid disrupting current
setattr users.
Change-Id: I19959038309284448f1b7f232d579674ef546385
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This allows filesystems to use their mount private data to
influence the permssions they return in permission2. It has
been separated into a new call to avoid disrupting current
permission users.
Change-Id: I9d416e3b8b6eca84ef3e336bd2af89ddd51df6ca
Signed-off-by: Daniel Rosenberg <drosen@google.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJVoAOcAAoJEDjbvchgkmk+UhcP/1EOwnsJDcZ/sZkkclNgRmrJ
yLBCW65caLAI2E3SmIdKvHQwIx7lHzX5gmWRBrvx+fIl4KhaNKEQ0NCOf1ATaVuQ
MkYMdkicXWpLiFNdKokezryevGS8T1RME+2QlPFv3++Rby1Gy90YD5tu7YlIrEn7
sPRJQHEPCzVAQ7Lqhd66yHICM6/QvdefXj4pjh7vV8IMb2YwnY4vqYt7RxnJCUfP
tqljxrT274kzpA2awzALNh+o3B3/Y4W9ROmlDWviw3JBc9gEqFXYwbDf8KDwA5c0
sp9GPGed/dV5DFuqRcAHksJenFnE3E4gZjo/R5hluHQU27peBuRfXev2hZyBfZqG
796eUOky8fb0OiyxHfT2vhfGeD7CHI/asvIAORjDBVUqzJy9nkkby3XJ0U4tW+pz
VkcilD2oHw1uRIFH3JoBWTJ9W6CYSNFG1qxw+brgfKT5otJG/dBiI8kBABx+aTq7
V+A2cvf11oVwDEb93dnVypMGsfCywqzJUwEIRli9fTFjK7Fg9CBSGX38nwVGUaRv
M2/NeloTyWqUQE41Nd11gCu+hKQRtUU77nxpZcSeKn1XsbpO9/7dHTwcELRuKnTD
9XDksqPznXmC9KXGj7XMcRkLyWyB//JHjay0FCS6b4S6v7R5nrEIRjcpdB+H1WLd
zMOXRH4ZlcOAS/Yt2QMd
=8AB3
-----END PGP SIGNATURE-----
Merge upstream tag 'v3.10.84' into LA.BR.1.3.3
This merge brings us up-to-date as of upstream tag v3.10.84
* tag 'v3.10.84' (317 commits):
Linux 3.10.84
fs: Fix S_NOSEC handling
KVM: x86: make vapics_in_nmi_mode atomic
MIPS: Fix KVM guest fixmap address
x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A
powerpc/perf: Fix book3s kernel to userspace backtraces
arm: KVM: force execution of HCPTR access on VM exit
Revert "crypto: talitos - convert to use be16_add_cpu()"
crypto: talitos - avoid memleak in talitos_alg_alloc()
sctp: Fix race between OOTB responce and route removal
packet: avoid out of bounds read in round robin fanout
packet: read num_members once in packet_rcv_fanout()
bridge: fix br_stp_set_bridge_priority race conditions
bridge: fix multicast router rlist endless loop
sparc: Use GFP_ATOMIC in ldc_alloc_exp_dring() as it can be called in softirq context
Linux 3.10.83
bus: mvebu: pass the coherency availability information at init time
KVM: nSVM: Check for NRIPS support before updating control field
ARM: clk-imx6q: refine sata's parent
d_walk() might skip too much
ipv6: update ip6_rt_last_gc every time GC is run
ipv6: prevent fib6_run_gc() contention
xfrm: Increase the garbage collector threshold
Btrfs: make xattr replace operations atomic
x86/microcode/intel: Guard against stack overflow in the loader
fs: take i_mutex during prepare_binprm for set[ug]id executables
hpsa: add missing pci_set_master in kdump path
hpsa: refine the pci enable/disable handling
sb_edac: Fix erroneous bytes->gigabytes conversion
ACPICA: Utilities: Cleanup to remove useless ACPI_PRINTF/FORMAT_xxx helpers.
ACPICA: Utilities: Cleanup to convert physical address printing formats.
__ptrace_may_access() should not deny sub-threads
include/linux/sched.h: don't use task->pid/tgid in same_thread_group/has_group_leader_pid
netfilter: Zero the tuple in nfnl_cthelper_parse_tuple()
netfilter: nfnetlink_cthelper: Remove 'const' and '&' to avoid warnings
config: Enable NEED_DMA_MAP_STATE by default when SWIOTLB is selected
get rid of s_files and files_lock
fput: turn "list_head delayed_fput_list" into llist_head
Linux 3.10.82
lpfc: Add iotag memory barrier
pipe: iovec: Fix memory corruption when retrying atomic copy as non-atomic
drm/mgag200: Reject non-character-cell-aligned mode widths
tracing: Have filter check for balanced ops
crypto: caam - fix RNG buffer cache alignment
Linux 3.10.81
btrfs: cleanup orphans while looking up default subvolume
btrfs: incorrect handling for fiemap_fill_next_extent return
cfg80211: wext: clear sinfo struct before calling driver
mm/memory_hotplug.c: set zone->wait_table to null after freeing it
drm/i915: Fix DDC probe for passive adapters
pata_octeon_cf: fix broken build
ozwpan: unchecked signed subtraction leads to DoS
ozwpan: divide-by-zero leading to panic
ozwpan: Use proper check to prevent heap overflow
MIPS: Fix enabling of DEBUG_STACKOVERFLOW
ring-buffer-benchmark: Fix the wrong sched_priority of producer
USB: serial: ftdi_sio: Add support for a Motion Tracker Development Board
USB: cp210x: add ID for HubZ dual ZigBee and Z-Wave dongle
block: fix ext_dev_lock lockdep report
Input: elantech - fix detection of touchpads where the revision matches a known rate
ALSA: usb-audio: add MAYA44 USB+ mixer control names
ALSA: usb-audio: Add mic volume fix quirk for Logitech Quickcam Fusion
ALSA: hda/realtek - Add a fixup for another Acer Aspire 9420
iio: adis16400: Compute the scan mask from channel indices
iio: adis16400: Use != channel indices for the two voltage channels
iio: adis16400: Report pressure channel scale
xen: netback: read hotplug script once at start of day.
udp: fix behavior of wrong checksums
net_sched: invoke ->attach() after setting dev->qdisc
unix/caif: sk_socket can disappear when state is unlocked
net: dp83640: fix broken calibration routine.
bridge: fix parsing of MLDv2 reports
ipv4: Avoid crashing in ip_error
net: phy: Allow EEE for all RGMII variants
Linux 3.10.80
fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings
vfs: read file_handle only once in handle_to_path
ACPI / init: Fix the ordering of acpi_reserve_resources()
Input: elantech - fix semi-mt protocol for v3 HW
rtlwifi: rtl8192cu: Fix kernel deadlock
md/raid5: don't record new size if resize_stripes fails.
svcrpc: fix potential GSSX_ACCEPT_SEC_CONTEXT decoding failures
ARM: fix missing syscall trace exit
ARM: dts: imx27: only map 4 Kbyte for fec registers
crypto: s390/ghash - Fix incorrect ghash icv buffer handling.
rt2x00: add new rt2800usb device DWA 130
libata: Ignore spurious PHY event on LPM policy change
libata: Add helper to determine when PHY events should be ignored
ext4: check for zero length extent explicitly
ext4: convert write_begin methods to stable_page_writes semantics
mmc: atmel-mci: fix bad variable type for clkdiv
powerpc: Align TOC to 256 bytes
usb: gadget: configfs: Fix interfaces array NULL-termination
usb-storage: Add NO_WP_DETECT quirk for Lacie 059f:0651 devices
USB: cp210x: add ID for KCF Technologies PRN device
USB: pl2303: Remove support for Samsung I330
USB: visor: Match I330 phone more precisely
xhci: gracefully handle xhci_irq dead device
xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256
xhci: fix isoc endpoint dequeue from advancing too far on transaction error
target/pscsi: Don't leak scsi_host if hba is VIRTUAL_HOST
ASoC: wm8994: correct BCLK DIV 348 to 384
ASoC: wm8960: fix "RINPUT3" audio route error
ASoC: mc13783: Fix wrong mask value used in mc13xxx_reg_rmw() calls
ALSA: hda - Add headphone quirk for Lifebook E752
ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724
d_walk() might skip too much
lib: Fix strnlen_user() to not touch memory after specified maximum
hwmon: (ntc_thermistor) Ensure iio channel is of type IIO_VOLTAGE
libceph: request a new osdmap if lingering request maps to no osd
lguest: fix out-by-one error in address checking.
fs, omfs: add NULL terminator in the end up the token list
KVM: MMU: fix CR4.SMEP=1, CR0.WP=0 with shadow pages
net: socket: Fix the wrong returns for recvmsg and sendmsg
kernel: use the gnu89 standard explicitly
staging, rtl8192e, LLVMLinux: Remove unused inline prototype
staging: rtl8712, rtl8712: avoid lots of build warnings
staging, rtl8192e, LLVMLinux: Change extern inline to static inline
drm/i915: Fix declaration of intel_gmbus_{is_forced_bit/is_port_falid}
staging: wlags49_h2: fix extern inline functions
Linux 3.10.79
ACPICA: Utilities: Cleanup to enforce ACPI_PHYSADDR_TO_PTR()/ACPI_PTR_TO_PHYSADDR().
ACPICA: Tables: Change acpi_find_root_pointer() to use acpi_physical_address.
revert "softirq: Add support for triggering softirq work on softirqs"
sound/oss: fix deadlock in sequencer_ioctl(SNDCTL_SEQ_OUTOFBAND)
mmc: card: Don't access RPMB partitions for normal read/write
pinctrl: Don't just pretend to protect pinctrl_maps, do it for real
drm/i915: Add missing MacBook Pro models with dual channel LVDS
ARM: mvebu: armada-xp-openblocks-ax3-4: Disable internal RTC
ARM: dts: imx23-olinuxino: Fix dr_mode of usb0
ARM: dts: imx28: Fix AUART4 TX-DMA interrupt name
ARM: dts: imx25: Add #pwm-cells to pwm4
gpio: sysfs: fix memory leaks and device hotplug
gpio: unregister gpiochip device before removing it
xen/console: Update console event channel on resume
mm/memory-failure: call shake_page() when error hits thp tail page
nilfs2: fix sanity check of btree level in nilfs_btree_root_broken()
ocfs2: dlm: fix race between purge and get lock resource
Linux 3.10.78
ARC: signal handling robustify
UBI: fix soft lockup in ubi_check_volume()
Drivers: hv: vmbus: Don't wait after requesting offers
ARM: dts: dove: Fix uart[23] reg property
staging: panel: fix lcd type
usb: gadget: printer: enqueue printer's response for setup request
usb: host: oxu210hp: use new USB_RESUME_TIMEOUT
3w-sas: fix command completion race
3w-9xxx: fix command completion race
3w-xxxx: fix command completion race
ext4: fix data corruption caused by unwritten and delayed extents
rbd: end I/O the entire obj_request on error
serial: of-serial: Remove device_type = "serial" registration
ALSA: hda - Fix mute-LED fixed mode
ALSA: emu10k1: Emu10k2 32 bit DMA mode
ALSA: emu10k1: Fix card shortname string buffer overflow
ALSA: emux: Fix mutex deadlock in OSS emulation
ALSA: emux: Fix mutex deadlock at unloading
ipv4: Missing sk_nulls_node_init() in ping_unhash().
Linux 3.10.77
s390: Fix build error
nosave: consolidate __nosave_{begin,end} in <asm/sections.h>
memstick: mspro_block: add missing curly braces
C6x: time: Ensure consistency in __init
wl18xx: show rx_frames_per_rates as an array as it really is
lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR
e1000: add dummy allocator to fix race condition between mtu change and netpoll
ksoftirqd: Enable IRQs and call cond_resched() before poking RCU
RCU pathwalk breakage when running into a symlink overmounting something
drm/i915: cope with large i2c transfers
drm/radeon: fix doublescan modes (v2)
i2c: core: Export bus recovery functions
IB/mlx4: Fix WQE LSO segment calculation
IB/core: don't disallow registering region starting at 0x0
IB/core: disallow registering 0-sized memory region
stk1160: Make sure current buffer is released
mvsas: fix panic on expander attached SATA devices
Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open()
xtensa: provide __NR_sync_file_range2 instead of __NR_sync_file_range
xtensa: xtfpga: fix hardware lockup caused by LCD driver
ACPICA: Utilities: split IO address types from data type models.
drivers: parport: Kconfig: exclude arm64 for PARPORT_PC
scsi: storvsc: Fix a bug in copy_from_bounce_buffer()
UBI: fix check for "too many bytes"
UBI: initialize LEB number variable
UBI: fix out of bounds write
UBI: account for bitflips in both the VID header and data
tools/power turbostat: Use $(CURDIR) instead of $(PWD) and add support for O= option in Makefile
powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
ext4: make fsync to sync parent dir in no-journal for real this time
arm64: kernel: compiling issue, need delete read_current_timer()
video: vgacon: Don't build on arm64
console: Disable VGA text console support on cris
drivers: parport: Kconfig: exclude h8300 for PARPORT_PC
parport: disable PC-style parallel port support on cris
rtlwifi: rtl8192cu: Add new device ID
rtlwifi: rtl8192cu: Add new USB ID
ptrace: fix race between ptrace_resume() and wait_task_stopped()
fs/binfmt_elf.c: fix bug in loading of PIE binaries
Input: elantech - fix absolute mode setting on some ASUS laptops
ALSA: emu10k1: don't deadlock in proc-functions
usb: core: hub: use new USB_RESUME_TIMEOUT
usb: host: sl811: use new USB_RESUME_TIMEOUT
usb: host: xhci: use new USB_RESUME_TIMEOUT
usb: host: isp116x: use new USB_RESUME_TIMEOUT
usb: host: r8a66597: use new USB_RESUME_TIMEOUT
usb: define a generic USB_RESUME_TIMEOUT macro
usb: phy: Find the right match in devm_usb_phy_match
ARM: S3C64XX: Use fixed IRQ bases to avoid conflicts on Cragganmore
ARM: 8320/1: fix integer overflow in ELF_ET_DYN_BASE
power_supply: lp8788-charger: Fix leaked power supply on probe fail
ring-buffer: Replace this_cpu_*() with __this_cpu_*()
spi: spidev: fix possible arithmetic overflow for multi-transfer message
cdc-wdm: fix endianness bug in debug statements
MIPS: Hibernate: flush TLB entries earlier
KVM: use slowpath for cross page cached accesses
s390/hibernate: fix save and restore of kernel text section
KVM: s390: Zero out current VMDB of STSI before including level3 data.
usb: gadget: composite: enable BESL support
Btrfs: fix inode eviction infinite loop after cloning into it
Btrfs: fix log tree corruption when fs mounted with -o discard
tcp: avoid looping in tcp_send_fin()
tcp: fix possible deadlock in tcp_send_fin()
ip_forward: Drop frames with attached skb->sk
Linux 3.10.76
dcache: Fix locking bugs in backported "deal with deadlock in d_walk()"
arc: mm: Fix build failure
sb_edac: avoid INTERNAL ERROR message in EDAC with unspecified channel
x86: mm: move mmap_sem unlock from mm_fault_error() to caller
vm: make stack guard page errors return VM_FAULT_SIGSEGV rather than SIGBUS
vm: add VM_FAULT_SIGSEGV handling support
deal with deadlock in d_walk()
move d_rcu from overlapping d_child to overlapping d_alias
kconfig: Fix warning "‘jump’ may be used uninitialized"
KVM: x86: SYSENTER emulation is broken
netfilter: conntrack: disable generic tracking for known protocols
Bluetooth: Ignore isochronous endpoints for Intel USB bootloader
Bluetooth: Add support for Intel bootloader devices
Bluetooth: btusb: Add IMC Networks (Broadcom based)
Bluetooth: Add firmware update for Atheros 0cf3:311f
Bluetooth: Enable Atheros 0cf3:311e for firmware upload
mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support
splice: Apply generic position and size checks to each write
jfs: fix readdir regression
serial: 8250_dw: Fix deadlock in LCR workaround
benet: Call dev_kfree_skby_any instead of kfree_skb.
ixgb: Call dev_kfree_skby_any instead of dev_kfree_skb.
tg3: Call dev_kfree_skby_any instead of dev_kfree_skb.
bnx2: Call dev_kfree_skby_any instead of dev_kfree_skb.
r8169: Call dev_kfree_skby_any instead of dev_kfree_skb.
8139too: Call dev_kfree_skby_any instead of dev_kfree_skb.
8139cp: Call dev_kfree_skby_any instead of kfree_skb.
tcp: tcp_make_synack() should clear skb->tstamp
tcp: fix FRTO undo on cumulative ACK of SACKed range
ipv6: Don't reduce hop limit for an interface
tcp: prevent fetching dst twice in early demux code
remove extra definitions of U32_MAX
conditionally define U32_MAX
Linux 3.10.75
pagemap: do not leak physical addresses to non-privileged userspace
console: Fix console name size mismatch
IB/mlx4: Saturate RoCE port PMA counters in case of overflow
kernel.h: define u8, s8, u32, etc. limits
net: llc: use correct size for sysctl timeout entries
net: rds: use correct size for max unacked packets and bytes
ipc: fix compat msgrcv with negative msgtyp
core, nfqueue, openvswitch: fix compilation warning
media: s5p-mfc: fix mmap support for 64bit arch
iscsi target: fix oops when adding reject pdu
ocfs2: _really_ sync the right range
be2iscsi: Fix kernel panic when device initialization fails
cifs: fix use-after-free bug in find_writable_file
usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers
cpuidle: ACPI: do not overwrite name and description of C0
dmaengine: omap-dma: Fix memory leak when terminating running transfer
iio: imu: Use iio_trigger_get for indio_dev->trig assignment
iio: inv_mpu6050: Clear timestamps fifo while resetting hardware fifo
Defer processing of REQ_PREEMPT requests for blocked devices
USB: ftdi_sio: Use jtag quirk for SNAP Connect E10
USB: ftdi_sio: Added custom PID for Synapse Wireless product
radeon: Do not directly dereference pointers to BIOS area.
writeback: fix possible underflow in write bandwidth calculation
writeback: add missing INITIAL_JIFFIES init in global_update_bandwidth()
mm/memory hotplug: postpone the reset of obsolete pgdat
nbd: fix possible memory leak
iwlwifi: dvm: run INIT firmware again upon .start()
IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic
IB/core: Avoid leakage from kernel to user space
tcp: Fix crash in TCP Fast Open
selinux: fix sel_write_enforce broken return value
ALSA: hda - Fix headphone pin config for Lifebook T731
ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support
ALSA: hda - Add one more node in the EAPD supporting candidate list
Linux 3.10.74
net: ethernet: pcnet32: Setup the SRAM and NOUFLO on Am79C97{3, 5}
powerpc/mpc85xx: Add ranges to etsec2 nodes
hfsplus: fix B-tree corruption after insertion at position 0
dm: hold suspend_lock while suspending device during device deletion
vt6655: RFbSetPower fix missing rate RATE_12M
perf: Fix irq_work 'tail' recursion
Revert "iwlwifi: mvm: fix failure path when power_update fails in add_interface"
mac80211: drop unencrypted frames in mesh fwding
mac80211: disable u-APSD queues by default
nl80211: ignore HT/VHT capabilities without QoS/WMM
tcm_qla2xxx: Fix incorrect use of __transport_register_session
tcm_fc: missing curly braces in ft_invl_hw_context()
ASoC: wm8955: Fix wrong value references for boolean kctl
ASoC: adav80x: Fix wrong value references for boolean kctl
ASoC: ak4641: Fix wrong value references for boolean kctl
ASoC: wm8904: Fix wrong value references for boolean kctl
ASoC: wm8903: Fix wrong value references for boolean kctl
ASoC: wm2000: Fix wrong value references for boolean kctl
ASoC: wm8731: Fix wrong value references for boolean kctl
ASoC: tas5086: Fix wrong value references for boolean kctl
ASoC: wm8960: Fix wrong value references for boolean kctl
ASoC: cs4271: Fix wrong value references for boolean kctl
ASoC: sgtl5000: remove useless register write clearing CHRGPUMP_POWERUP
Change-Id: Ib7976ee2c7224e39074157e28db4158db40b00db
Signed-off-by: Kaushal Kumar <kaushalk@codeaurora.org>
commit eee5cc2702929fd41cce28058dc6d6717f723f87 upstream.
The only thing we need it for is alt-sysrq-r (emergency remount r/o)
and these days we can do just as well without going through the
list of files.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[wangkai: backport to 3.10: adjust context]
Signed-off-by: Wang Kai <morgan.wang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* commit 'v3.10.49': (529 commits)
Linux 3.10.49
ACPI / battery: Retry to get battery information if failed during probing
x86, ioremap: Speed up check for RAM pages
Score: Modify the Makefile of Score, remove -mlong-calls for compiling
Score: The commit is for compiling successfully.
Score: Implement the function csum_ipv6_magic
score: normalize global variables exported by vmlinux.lds
rtmutex: Plug slow unlock race
rtmutex: Handle deadlock detection smarter
rtmutex: Detect changes in the pi lock chain
rtmutex: Fix deadlock detector for real
ring-buffer: Check if buffer exists before polling
drm/radeon: stop poisoning the GART TLB
drm/radeon: fix typo in golden register setup on evergreen
ext4: disable synchronous transaction batching if max_batch_time==0
ext4: clarify error count warning messages
ext4: fix unjournalled bg descriptor while initializing inode bitmap
dm io: fix a race condition in the wake up code for sync_io
Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code
clk: spear3xx: Use proper control register offset
...
In addition to bringing in upstream commits, this merge also makes minor
changes to mainitain compatibility with upstream:
The definition of list_next_entry in qcrypto.c and ipa_dp.c has been
removed, as upstream has moved the definition to list.h. The implementation
of list_next_entry was identical between the two.
irq.c, for both arm and arm64 architecture, has had its calls to
__irq_set_affinity_locked updated to reflect changes to the API upstream.
Finally, as we have removed the sleep_length member variable of the
tick_sched struct, all changes made by upstream commit ec804bd do not
apply to our tree and have been removed from this merge. Only
kernel/time/tick-sched.c is impacted.
Change-Id: I63b7e0c1354812921c94804e1f3b33d1ad6ee3f1
Signed-off-by: Ian Maund <imaund@codeaurora.org>
commit dd20908a8a06b22c171f6c3fcdbdbd65bed07505 upstream.
it's pointless and actually leads to wrong behaviour in at least one
moderately convoluted case (pipe(), close one end, try to get to
another via /proc/*/fd and run into ETXTBUSY).
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
... and switch i386 to HAVE_SYSCALL_WRAPPERS, killing open-coded
uses of asmlinkage_protect() in a bunch of syscalls.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
... and convert a bunch of SYSCALL_DEFINE ones to SYSCALL_DEFINE<n>,
killing the boilerplate crap around them.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Pull more VFS bits from Al Viro:
"Unfortunately, it looks like xattr series will have to wait until the
next cycle ;-/
This pile contains 9p cleanups and fixes (races in v9fs_fid_add()
etc), fixup for nommu breakage in shmem.c, several cleanups and a bit
more file_inode() work"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
constify path_get/path_put and fs_struct.c stuff
fix nommu breakage in shmem.c
cache the value of file_inode() in struct file
9p: if v9fs_fid_lookup() gets to asking server, it'd better have hashed dentry
9p: make sure ->lookup() adds fid to the right dentry
9p: untangle ->lookup() a bit
9p: double iput() in ->lookup() if d_materialise_unique() fails
9p: v9fs_fid_add() can't fail now
v9fs: get rid of v9fs_dentry
9p: turn fid->dlist into hlist
9p: don't bother with private lock in ->d_fsdata; dentry->d_lock will do just fine
more file_inode() open-coded instances
selinux: opened file can't have NULL or negative ->f_path.dentry
(In the meantime, the hlist traversal macros have changed, so this
required a semantic conflict fixup for the newly hlistified fid->dlist)
Pull signal/compat fixes from Al Viro:
"Fixes for several regressions introduced in the last signal.git pile,
along with fixing bugs in truncate and ftruncate compat (on just about
anything biarch at least one of those two had been done wrong)."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal:
compat: restore timerfd settime and gettime compat syscalls
[regression] braino in "sparc: convert to ksignal"
fix compat truncate/ftruncate
switch lseek to COMPAT_SYSCALL_DEFINE
lseek() and truncate() on sparc really need sign extension
Make a more complete truncate operation available to CacheFiles (including
security checks and suchlike) so that it can use this to clear invalidated
cache files.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Once you are confined to a user namespace applications can not gain
privilege and escape the user namespace so there is no longer a reason
to restrict chroot.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
...and fix up the callers. For do_file_open_root, just declare a
struct filename on the stack and fill out the .name field. For
do_filp_open, make it also take a struct filename pointer, and fix up its
callers to call it appropriately.
For filp_open, add a variant that takes a struct filename pointer and turn
filp_open into a wrapper around it.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
getname() is intended to copy pathname strings from userspace into a
kernel buffer. The result is just a string in kernel space. It would
however be quite helpful to be able to attach some ancillary info to
the string.
For instance, we could attach some audit-related info to reduce the
amount of audit-related processing needed. When auditing is enabled,
we could also call getname() on the string more than once and not
need to recopy it from userspace.
This patchset converts the getname()/putname() interfaces to return
a struct instead of a string. For now, the struct just tracks the
string in kernel space and the original userland pointer for it.
Later, we'll add other information to the struct as it becomes
convenient.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Currently, this gets set mostly by happenstance when we call into
audit_inode_child. While that might be a little more efficient, it seems
wrong. If the syscall ends up failing before audit_inode_child ever gets
called, then you'll have an audit_names record that shows the full path
but has the parent inode info attached.
Fix this by passing in a parent flag when we call audit_inode that gets
set to the value of LOOKUP_PARENT. We can then fix up the pathname for
the audit entry correctly from the get-go.
While we're at it, clean up the no-op macro for audit_inode in the
!CONFIG_AUDITSYSCALL case.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Pull vfs update from Al Viro:
- big one - consolidation of descriptor-related logics; almost all of
that is moved to fs/file.c
(BTW, I'm seriously tempted to rename the result to fd.c. As it is,
we have a situation when file_table.c is about handling of struct
file and file.c is about handling of descriptor tables; the reasons
are historical - file_table.c used to be about a static array of
struct file we used to have way back).
A lot of stray ends got cleaned up and converted to saner primitives,
disgusting mess in android/binder.c is still disgusting, but at least
doesn't poke so much in descriptor table guts anymore. A bunch of
relatively minor races got fixed in process, plus an ext4 struct file
leak.
- related thing - fget_light() partially unuglified; see fdget() in
there (and yes, it generates the code as good as we used to have).
- also related - bits of Cyrill's procfs stuff that got entangled into
that work; _not_ all of it, just the initial move to fs/proc/fd.c and
switch of fdinfo to seq_file.
- Alex's fs/coredump.c spiltoff - the same story, had been easier to
take that commit than mess with conflicts. The rest is a separate
pile, this was just a mechanical code movement.
- a few misc patches all over the place. Not all for this cycle,
there'll be more (and quite a few currently sit in akpm's tree)."
Fix up trivial conflicts in the android binder driver, and some fairly
simple conflicts due to two different changes to the sock_alloc_file()
interface ("take descriptor handling from sock_alloc_file() to callers"
vs "net: Providing protocol type via system.sockprotoname xattr of
/proc/PID/fd entries" adding a dentry name to the socket)
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (72 commits)
MAX_LFS_FILESIZE should be a loff_t
compat: fs: Generic compat_sys_sendfile implementation
fs: push rcu_barrier() from deactivate_locked_super() to filesystems
btrfs: reada_extent doesn't need kref for refcount
coredump: move core dump functionality into its own file
coredump: prevent double-free on an error path in core dumper
usb/gadget: fix misannotations
fcntl: fix misannotations
ceph: don't abuse d_delete() on failure exits
hypfs: ->d_parent is never NULL or negative
vfs: delete surplus inode NULL check
switch simple cases of fget_light to fdget
new helpers: fdget()/fdput()
switch o2hb_region_dev_write() to fget_light()
proc_map_files_readdir(): don't bother with grabbing files
make get_file() return its argument
vhost_set_vring(): turn pollstart/pollstop into bool
switch prctl_set_mm_exe_file() to fget_light()
switch xfs_find_handle() to fget_light()
switch xfs_swapext() to fget_light()
...
Pull user namespace changes from Eric Biederman:
"This is a mostly modest set of changes to enable basic user namespace
support. This allows the code to code to compile with user namespaces
enabled and removes the assumption there is only the initial user
namespace. Everything is converted except for the most complex of the
filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs,
nfs, ocfs2 and xfs as those patches need a bit more review.
The strategy is to push kuid_t and kgid_t values are far down into
subsystems and filesystems as reasonable. Leaving the make_kuid and
from_kuid operations to happen at the edge of userspace, as the values
come off the disk, and as the values come in from the network.
Letting compile type incompatible compile errors (present when user
namespaces are enabled) guide me to find the issues.
The most tricky areas have been the places where we had an implicit
union of uid and gid values and were storing them in an unsigned int.
Those places were converted into explicit unions. I made certain to
handle those places with simple trivial patches.
Out of that work I discovered we have generic interfaces for storing
quota by projid. I had never heard of the project identifiers before.
Adding full user namespace support for project identifiers accounts
for most of the code size growth in my git tree.
Ultimately there will be work to relax privlige checks from
"capable(FOO)" to "ns_capable(user_ns, FOO)" where it is safe allowing
root in a user names to do those things that today we only forbid to
non-root users because it will confuse suid root applications.
While I was pushing kuid_t and kgid_t changes deep into the audit code
I made a few other cleanups. I capitalized on the fact we process
netlink messages in the context of the message sender. I removed
usage of NETLINK_CRED, and started directly using current->tty.
Some of these patches have also made it into maintainer trees, with no
problems from identical code from different trees showing up in
linux-next.
After reading through all of this code I feel like I might be able to
win a game of kernel trivial pursuit."
Fix up some fairly trivial conflicts in netfilter uid/git logging code.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (107 commits)
userns: Convert the ufs filesystem to use kuid/kgid where appropriate
userns: Convert the udf filesystem to use kuid/kgid where appropriate
userns: Convert ubifs to use kuid/kgid
userns: Convert squashfs to use kuid/kgid where appropriate
userns: Convert reiserfs to use kuid and kgid where appropriate
userns: Convert jfs to use kuid/kgid where appropriate
userns: Convert jffs2 to use kuid and kgid where appropriate
userns: Convert hpfs to use kuid and kgid where appropriate
userns: Convert btrfs to use kuid/kgid where appropriate
userns: Convert bfs to use kuid/kgid where appropriate
userns: Convert affs to use kuid/kgid wherwe appropriate
userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids
userns: On ia64 deal with current_uid and current_gid being kuid and kgid
userns: On ppc convert current_uid from a kuid before printing.
userns: Convert s390 getting uid and gid system calls to use kuid and kgid
userns: Convert s390 hypfs to use kuid and kgid where appropriate
userns: Convert binder ipc to use kuids
userns: Teach security_path_chown to take kuids and kgids
userns: Add user namespace support to IMA
userns: Convert EVM to deal with kuids and kgids in it's hmac computation
...
Don't make the security modules deal with raw user space uid and
gids instead pass in a kuid_t and a kgid_t so that security modules
only have to deal with internal kernel uids and gids.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: James Morris <james.l.morris@oracle.com>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Userspace can pass weird create mode in open(2) that we canonicalize to
"(mode & S_IALLUGO) | S_IFREG" in vfs_create().
The problem is that we use the uncanonicalized mode before calling vfs_create()
with unforseen consequences.
So do the canonicalization early in build_open_flags().
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
CC: stable@vger.kernel.org
There are several entry points which dirty pages in a filesystem. mmap
(handled by block_page_mkwrite()), buffered write (handled by
__generic_file_aio_write()), splice write (generic_file_splice_write),
truncate, and fallocate (these can dirty last partial page - handled inside
each filesystem separately). Protect these places with sb_start_write() and
sb_end_write().
->page_mkwrite() calls are particularly complex since they are called with
mmap_sem held and thus we cannot use standard sb_start_write() due to lock
ordering constraints. We solve the problem by using a special freeze protection
sb_start_pagefault() which ranks below mmap_sem.
BugLink: https://bugs.launchpad.net/bugs/897421
Tested-by: Kamal Mostafa <kamal@canonical.com>
Tested-by: Peter M. Petrakis <peter.petrakis@canonical.com>
Tested-by: Dann Frazier <dann.frazier@canonical.com>
Tested-by: Massimo Morana <massimo.morana@canonical.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Most of places where we want freeze protection coincides with the places where
we also have remount-ro protection. So make mnt_want_write() and
mnt_drop_write() (and their _file alternative) prevent freezing as well.
For the few cases that are really interested only in remount-ro protection
provide new function variants.
BugLink: https://bugs.launchpad.net/bugs/897421
Tested-by: Kamal Mostafa <kamal@canonical.com>
Tested-by: Peter M. Petrakis <peter.petrakis@canonical.com>
Tested-by: Dann Frazier <dann.frazier@canonical.com>
Tested-by: Massimo Morana <massimo.morana@canonical.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Make the chown() and lchown() syscalls jump to the fchownat() syscall with the
appropriate extra arguments.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
we want to take it out of mark_files_ro() reach *before* we start
checking if we ought to drop write access.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro
Andy Lutomirski
Daniel Rosenberg
Kaushal Kumar
Ian Maund
Amir Samuelov
Linus Torvalds
Jeff Layton
David Howells
Eric W. Biederman
Miklos Szeredi
Jan Kara